Ethical Hacker Threatened and Intimidated by Banks After Finding Exploit

An Indian IT Security Professional showed a panel of experts at the National Law School in India how a sophisticated MitB (Man in the Browser) vulnerability could be exploited to allow an unknown cyber criminal to siphon funds from the unaware customer. In return for trying to assist the banks with the security flaw, the banks have instead hounded and harassed him to no end to silence him and have his PoC (Proof of Concept) videos removed from the Internet. Your money, it would appear, is not their concern...

Ethical hacker lol, why put the security info out on the netz? Why, if he was really concerned, not go directly to the banks concerned and show them the issue?

Stupid

You're not really familiar with what Proof of Concept is now are you?

Here, let me quote the article directly since you haven't read it.

demonstrated the vulnerability using his own personal account, recording his Proof of Concept and detailing the method, without disclosing to the public any of the binary codes or other vitals that would allow it to be implemented by the very same element he was trying to protect the Bank's customers from.

Clearer now?

Not to mention that in the past those who did go to the banks to tell them about the issues directly were also sued. Did you not notice how the bank even denies the existence of the vulnerability and accuses him of slander? They'd rather do that than fix a security hole that can affect YOUR account. Food for thought.

Yes, it exists, you know, like Bill Gates, or Steve Jobs. Or people who work in the computer security industry and help fix security holes. Go look up the definition of hacker and realise your derp.

Let me spare some the mental fortitude they lack and are too retarded to use Google:

TL;DR version:

The word "Hack" came from MIT back in the 50s by two dudes who made an old school game called "Space Wars!". Back then: Computers used punch cards and didn't use keyboards for input... So to make something this elaborate (at the time), you had to make a whole fuckton of punch cards...

Now, before the nets came around to the general populace and before shit like MPAA/RIAA/DMCA/FAG/etc. people had full range of these cards for the game. Well, one of the guys (the lazier of the two) loved to make up words. Whenever somebody "changed" the cards to change the game, he said they "hacked" the game...

Yes, it exists, you know, like Bill Gates, or Steve Jobs. Or people who work in the computer security industry and help fix security holes. Go look up the definition of hacker and realise your derp.

Steve Jobs known for stealing architecture and putting a fancy face on it and Bill Gates known for stealing, well everything, to get Microsoft off the ground. Totally ethical. Go read about them a little more and realize your derp to my derp. Inderption.

Steve Jobs known for stealing architecture and putting a fancy face on it and Bill Gates known for stealing, well everything, to get Microsoft off the ground. Totally ethical. Go read about them a little more and realize your derp to my derp. Inderption.

I don't know about Steve Jobs, but Bill Gates is genuinely an awesome human being. As for the bank, this would be a great example of what to do if you want to quickly and cheaply generate some bad PR for yourself. Why you would want to do that I don't know, but they've shown us a great way to do it.

Not to mention that in the past those who did go to the banks to tell them about the issues directly were also sued. Did you not notice how the bank even denies the existence of the vulnerability and accuses him of slander? They'd rather do that than fix a security hole that can affect YOUR account. Food for thought.

Bullshit and drama, no bank is going to leave a security issue once known about, they would quickly go out of business.

I don't know about Steve Jobs, but Bill Gates is genuinely an awesome human being. As for the bank, this would be a great example of what to do if you want to quickly and cheaply generate some bad PR for yourself. Why you would want to do that I don't know, but they've shown us a great way to do it.

Can't think of other causes he did. I am sure he gave some money to some third world shithole too....

Seriously though: I am sure Steve did something along the lines of Bill Gates.

As for the bank: Fact of the matter is: The bank should not have done this and should fix this error immediately. All this is going to do is make themselves look like assholes and make investors reconsider their stance.

The IT guy is clearly discussing a species of attack, not distributing an exploit that attacks some specific bank. This is the kind of abstract information that is discussed by security professionals all the time.

He did it at a freaking LAW SCHOOL, for fuck's sake. Do you think a law school hosts some kind of black hat hacker convention?

WTF does it have to do with customers? Bank gets robbed, not customers.

If a hacker goes in and messes with computers... and accounts... and bank doesn't catch it... (or pretends to not catch it) then customer loses money, bank plays dumb, poor person has no money bank still fine.
Was that simple enough for you??? Do I need to use my kindergarten voice?

I don't know about Steve Jobs, but Bill Gates is genuinely an awesome human being. As for the bank, this would be a great example of what to do if you want to quickly and cheaply generate some bad PR for yourself. Why you would want to do that I don't know, but they've shown us a great way to do it.

Bank publicly denies there is a problem but then quietly fixes the vulnerability. Win-win for the bank.

WTF does it have to do with customers? Bank gets robbed, not customers.

Maybe you don't know this but: Banks have to pay back customers should they accidentally the whole customer's money. If banks have to do that, who do you think pays the bank back?

Hint: Look in the mirror.

...And NO: FDIC does not insure every single penny lost. I believe they insure up to $250,000 and that is it. Banks have to pay to be insured by it and guess what will happen to the bank's insurance rates, FDIC or not, if they lose customer's money in robberies? They will go up. Guess who will pay more by raising rates, service charges, etc. so the bank will make that money back?

Hint: Look in the mirror.

But who cares according to you. Banks are evil and are run by demons not people with families and lives.

If a hacker goes in and messes with computers... and accounts... and bank doesn't catch it... (or pretends to not catch it) then customer loses money, bank plays dumb, poor person has no money bank still fine.
Was that simple enough for you??? Do I need to use my kindergarten voice?

Now, there is little room for argument that some good ideas do get shot down due to the trolling and whatnot. I'll admit I do it. However, sometimes an idea just is not a good one and it deserves a mocking. If a user survives it, then they are stronger for the wear. I don't like it. I don't like doing it... but bullshit is bullshit and, last I checked, I had a right to call bullshit. If I am wrong, to which I am sure you and others will point out, then I am wrong.

However, in this case: The poster is just plain wrong. Whether you accept that fact or not is immaterial. You may not like it, but nobody here is the leader and nobody has any kind of sway as to whether or not an idea is accepted.

Okay, so he/she is plain wrong. And? If I remember correctly, the scilons are too.

Have I been trolling them? Yes.
Have I ever refused a conversation/discussion with them, even if they threatened me or someone else nearby? No.

As we both know, threats are a sign of weakness. Unless you seriously consider them as 'a warning'..

Let's get back to this.
Let's say, you are raiding and some scilon comes outside and starts telling the same things as the poster above.

Okay, I would be like Lolno at first too, but I wouldn't ignore him/her for the rest of the time.

1. It ain't working as (s)he would continue telling lies some people might consider plausible.
2. Maybe these things are being told to him/her and (s)he might not be aware these are lies.
3. Everyone, including the ones that act retarded, has the right to get the right information and an honest and fair point in an argument/discussion.

Do I agree with the threat? Do you actually seriously think I do....? Fuck no.

Do I think the post should be modified because of the threat, the poster not to be banned and a normal discussion should be held in a separate thread to inform this user about the current things concerning Anon and maybe open his/her mind? Yes, I do.

If you disagree with that last part, well, I guess you're not that much into freedom of speech and freedom of knowledge/information and freedom of a fair trial/discussion.

Ethical hacker lol, why put the security info out on the netz? Why, if he was really concerned, not go directly to the banks concerned and show them the issue?

Stupid

Do you think he was hoping that it would bring us "as Americans" together to do something about it, instead of sitting on our asses like we always do? I think the reason why he didn't go to the banks with it is because he knew they could use it to their advantage, to screw us more.

The IT guy is clearly discussing a species of attack, not distributing an exploit that attacks some specific bank. This is the kind of abstract information that is discussed by security professionals all the time.

He did it at a freaking LAW SCHOOL, for fuck's sake. Do you think a law school hosts some kind of black hat hacker convention?

These people clearly know what they're doing.

The banks clearly don't. Period.

This sounds like a more likely story of what happened. thx muldrake

Face the fact that no matter what the banks do to secure online banking it will never be 100% secure.

"It’s in the best interest of a company that finds itself compromised by a hacker not to prosecute, but instead work with the hacker to fix whatever problems he or she has uncovered — sort of a “if you can’t beat ’em, join ’em” philosophy. Of course, the government doesn’t usually see it this way, as proven yet again with the hounding of Adrian Lamo (see Chapter 5, “The Robin Hood Hacker”), saddled with a felony conviction despite the fact that he (for the most part) provided a public service by advising companies of their vulnerabilities.
Prosecuting can certainly be a lose/lose situation, especially if the company never learns the particular vulnerabilities the hacker used to infiltrate its network. As a knee-jerk response, firewalls and other defenses are piled on, but it’s an approach that may completely overlook the unseen flaws that astute hackers may discover, not to mention all the ones already well-known to the hacker community"